I am trying to update PowerShell to version 5.1, which I have downloaded directly from Microsoft's website. The downloads are signed by Microsoft (although the signatures are expired by a few months), but when I try to run the script I am given an error saying that this script is not trusted by my computer, and asking if I should continue to execute the script.

I am wondering why a script, directly from Microsoft's website, would present an error as being "unsafe." I am curious if people would recommend that I NOT run the script, or how I should proceed, since I have to update to PowerShell 5.0+ in order to configure another application (yeah, very annoying).

Also to note that there were 2 different pages on Microsoft's site where I could download these scripts and each page had a different download link from the other. One was from download.microsoft and the other was from go.microsoft (I downloaded from the former link). I am not sure why there are 2 different links, but not sure if that is a cause for concern.

I can't seem to find the other page with download information though, but this other page also had information on how to upgrade PowerShell. The page said to run the script from the PowerShell console (didn't work for me, so I right-clicked and clicked "execute script"). The first link (above) doesn't give any information on what we should do to upgrade. I have not tried running the MSU file itself either.

Here is some safety information on the 2 files that were downloaded in a zip file from the first link.

The first is signed by "Microsoft Code Signing PCA 2011" and the second is signed by "Microsoft Code Signing PCA"; not sure that means anything though. I find it odd that the signing is expired as well and hasn't been updated.

I am wondering if maybe the signature being expired has something to do with this "untrusted" issue or maybe there is something deeper than that?

EDIT: This is what it says when I run the script.

"Do you want to run software from this untrusted publisher?

File (name) is published by CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US and is not trusted on your system. Only run scripts from trusted publishers."

1 Answer

An expired signature should always trigger a warning for signed code, whether it is compiled or interpreted. This is normal and expected.

On top of that, the CA cert used to sign that cert is also expired.

Since the file came directly from the vendor, it is probably safe to use. This is especially true since it was countersigned by their time stamp PCA, which acts as a witness that this file existed at the date specified and was already signed by Microsoft at that point. (Countersignatures are usually done by third parties, but whatever.)

While it is bad form to distribute code signed with expired certs, it is not unheard of. In this case, the signer and the distributor are the same company, so they could simply cease distribution if they believed the file was altered.

Thanks for this. I figured it was weird that the file wasn't updated, and I wonder if the other page I was looking at could be an updated version, but I cannot find that page anymore (even in my history) and the other page comes up in a quick web-search. I figured that since it's from Microsoft that I should be okay, but wanted to double-check. The whitelist scans show that it's safe and signed (even with the expired certs), but I'm not sure how accurate it is with detecting malicious code. So you yourself would run this script then? Thanks!
– MXBuster Aug 9 '18 at 23:34
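
The checks discussed in the answer (signer certificate expiry and the timestamp countersignature), plus whether the publisher named in the prompt is in the Trusted Publishers store, can be read straight from the file's Authenticode signature. This is an added example, not part of the original question, answer or comments; the script and its `$Path` parameter are hypothetical, and the syntax is kept compatible with PowerShell 2.0 since the machine has not been upgraded yet.

```powershell
# Added example: inspect the Authenticode signature of a downloaded file.
# $Path is a placeholder; pass the .ps1 or .msu extracted from the download.
param([Parameter(Mandatory=$true)][string]$Path)

$sig    = Get-AuthenticodeSignature -FilePath $Path
$signer = $sig.SignerCertificate        # certificate that signed the file
$tsa    = $sig.TimeStamperCertificate   # countersigner; $null if not timestamped

# 'Valid' means the file hash matches the signature and the chain verified.
# 'HashMismatch' means the file was modified after signing; 'NotSigned' means no signature.
"File    : $($sig.Path)"
"Status  : $($sig.Status) ($($sig.StatusMessage))"

if (-not $signer) {
    "No signer certificate found; treat the file as unsigned."
    return
}

"Signer  : $($signer.Subject)"
"Issuer  : $($signer.Issuer)"
"Validity: $($signer.NotBefore) to $($signer.NotAfter)"

if ($signer.NotAfter -lt (Get-Date)) {
    if ($tsa) {
        # With a timestamp, the signature is evaluated as of the signing time,
        # so an expired signer certificate alone does not make Status invalid.
        "Signer certificate has expired; timestamp countersignature by: $($tsa.Subject)"
    } else {
        "Signer certificate has expired and there is no timestamp countersignature."
    }
}

# The 'untrusted publisher' prompt depends on whether this exact signer
# certificate is present in a Trusted Publishers store on this machine.
$trusted = Get-ChildItem Cert:\CurrentUser\TrustedPublisher, Cert:\LocalMachine\TrustedPublisher |
    Where-Object { $_.Thumbprint -eq $signer.Thumbprint }

if ($trusted) {
    "Publisher certificate is in a Trusted Publishers store."
} else {
    "Publisher certificate is NOT in a Trusted Publishers store (expect the prompt for signed scripts)."
}
```

A `Status` of `HashMismatch` is the result that indicates tampering; an expired signer certificate with a timestamp present and `Status` of `Valid` matches the situation described in the answer.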